directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pierre Smits (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-1966) Delete of ACI generates NPE
Date Wed, 26 Mar 2014 09:17:15 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13947704#comment-13947704
] 

Pierre Smits commented on DIRSERVER-1966:
-----------------------------------------

I also surmised that the subtreeSpecification in the second ACI was the culprit.

I thought that setting it like so would prevent the users to not see the data of other partitions
when in Studio in the connection the flag 'Get base DNs from root DSE' was set to 'true'.

> Delete of ACI generates NPE
> ---------------------------
>
>                 Key: DIRSERVER-1966
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1966
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M16
>         Environment: Studio 2.0.0.v20130628
>            Reporter: Pierre Smits
>
> I have created two ACI for a partition.
> The first ACI  has following content:
> dn: cn=orrtizACISubEntry,dc=orrtiz,dc=com
> objectClass: top
> objectClass: accessControlSubentry
> objectClass: subentry
> cn: orrtizACISubEntry
> prescriptiveACI: { identificationTag "directoryManagerFullAccessACI", preced
>  ence 11, authenticationLevel simple, itemOrUserFirst userFirst: { userClass
>  es { name { "cn=nl04748,ou=users,dc=orrtiz,dc=com" } }, userPermissions { {
>   protectedItems { allUserAttributeTypesAndValues, entry }, grantsAndDenials
>   { grantReturnDN, grantFilterMatch, grantBrowse, grantCompare, grantAdd, gr
>  antInvoke, grantModify, grantImport, grantDiscloseOnError, grantRename, gra
>  ntRemove, grantRead, grantExport } } } } }
> prescriptiveACI: { identificationTag "allUsersACI", precedence 10, authentic
>  ationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers }, use
>  rPermissions { { protectedItems { allUserAttributeTypesAndValues, entry }, 
>  grantsAndDenials { grantReturnDN, grantFilterMatch, grantBrowse, grantCompa
>  re, grantDiscloseOnError, grantRead } }, { protectedItems { attributeType {
>   userPassword } }, grantsAndDenials { denyRead, denyFilterMatch, denyCompar
>  e } } } } }
> subtreeSpecification: { }
> accessControlSubentries: 2.5.4.3=orrtizacisubentry,0.9.2342.19200300.100.1.2
>  5=orrtiz,0.9.2342.19200300.100.1.25=com
> createTimestamp: 20140325202223.905Z
> creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> entryCSN: 20140325202223.905000Z#000000#001#000000
> entryDN: cn=orrtizACISubEntry,dc=orrtiz,dc=com
> entryParentId: a22442b4-f41f-46bb-89d8-e567ed1a5800
> entryUUID:: ZWE0MTQxNTMtMzdjYS00NWU5LWE2ZTItODhkZTU2YTUzYzE2
> The second ACI has following content:
> dn: cn=orrtizAuthReqACISubEntry,dc=orrtiz,dc=com
> objectClass: top
> objectClass: accessControlSubentry
> objectClass: subentry
> cn: orrtizAuthReqACISubEntry
> prescriptiveACI: { identificationTag "directoryManagerFullAccessACI", preced
>  ence 11, authenticationLevel simple, itemOrUserFirst userFirst: { userClass
>  es { name { "cn=nl04748,ou=users,dc=orrtiz,dc=com" } }, userPermissions { {
>   protectedItems { allUserAttributeTypesAndValues, entry }, grantsAndDenials
>   { grantReturnDN, grantFilterMatch, grantBrowse, grantCompare, grantAdd, gr
>  antInvoke, grantModify, grantImport, grantDiscloseOnError, grantRename, gra
>  ntRemove, grantRead, grantExport } } } } }
> prescriptiveACI: { identificationTag "allUsersACI", precedence 10, authentic
>  ationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers }, use
>  rPermissions { { protectedItems { allUserAttributeTypesAndValues, entry }, 
>  grantsAndDenials { grantReturnDN, grantFilterMatch, grantBrowse, grantCompa
>  re, grantDiscloseOnError, grantRead } }, { protectedItems { attributeType {
>   userPassword } }, grantsAndDenials { denyRead, denyFilterMatch, denyCompar
>  e } } } } }
> subtreeSpecification: { base "dc=orrtiz,dc=com" }
> accessControlSubentries: 2.5.4.3=orrtizacisubentry,0.9.2342.19200300.100.1.2
>  5=orrtiz,0.9.2342.19200300.100.1.25=com
> createTimestamp: 20140325182443.296Z
> creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> entryCSN: 20140325200009.087000Z#000000#001#000000
> entryDN: cn=orrtizAuthReqACISubEntry,dc=orrtiz,dc=com
> entryParentId: a22442b4-f41f-46bb-89d8-e567ed1a5800
> entryUUID:: MWViMTQxMDktNzEzOC00NzFkLTlmYzEtZTgyMTM1NzI1ZDU1
> modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> modifyTimestamp: 20140325200009.087Z
> The difference between the two is the subtreeSpecifications whereby the first is {},
and the second { base "dc=orrtiz,dc=com" }
> Deleting the first ACI generates no problem. Deleting the second  ACI generates following
error:
> #!RESULT ERROR
> #!CONNECTION ldap://director.somonar.prd:389
> #!DATE 2014-03-25T20:38:04.044
> #!ERROR [LDAP: error code 80 - OTHER: failed for MessageType : DEL_REQUEST Message ID
: 23     Del request         Entry : 'cn=orrtizAuthReqACISubEntry,dc=orrtiz,dc=com' org.apache.directory.api.ldap.model.message.DeleteRequestImpl@90241f8:
null: java.lang.NullPointerException at org.apache.directory.server.core.subtree.SubentryInterceptor.delete(SubentryInterceptor.java:1043)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at org.apache.directory.server.core.operational.OperationalAttributeInterceptor.delete(OperationalAttributeInterceptor.java:462)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at org.apache.directory.server.core.exception.ExceptionInterceptor.delete(ExceptionInterceptor.java:207)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at org.apache.directory.server.core.admin.AdministrativePointInterceptor.delete(AdministrativePointInterceptor.java:1261)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor.delete(DefaultAuthorizationInterceptor.java:172)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at org.apache.directory.server.core.authz.AciAuthorizationInterceptor.delete(AciAuthorizationInterceptor.java:678)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at org.apache.directory.server.core.referral.ReferralInterceptor.delete(ReferralInterceptor.java:288)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at org.apache.directory.server.core.authn.AuthenticationInterceptor.delete(AuthenticationInterceptor.java:749)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:490)
at org.apache.directory.server.core.normalization.NormalizationInterceptor.delete(NormalizationInterceptor.java:174)
at org.apache.directory.server.core.DefaultOperationManager.delete(DefaultOperationManager.java:641)
at org.apache.directory.server.core.shared.DefaultCoreSession.delete(DefaultCoreSession.java:923)
at org.apache.directory.server.core.shared.DefaultCoreSession.delete(DefaultCoreSession.java:906)
at org.apache.directory.server.ldap.handlers.request.DeleteRequestHandler.handle(DeleteRequestHandler.java:55)
at org.apache.directory.server.ldap.handlers.request.DeleteRequestHandler.handle(DeleteRequestHandler.java:39)
at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74) at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
at java.lang.Thread.run(Thread.java:662) ]
> dn: cn=orrtizAuthReqACISubEntry,dc=orrtiz,dc=com
> changetype: delete
> I did this with uid=admin,ou=system.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message